
ECS with ALB integration in AWS - Commands & Configuration

Introduction
When you want to run your app in containers on AWS and make it reachable from the internet, you need a way to balance traffic to your containers. ECS with ALB integration lets you run containers and automatically distribute incoming web traffic to them safely and efficiently.
When you want to run multiple copies of your app in containers and share incoming web traffic between them.
When you want AWS to automatically check if your containers are healthy and only send traffic to healthy ones.
When you want to use a single web address to reach your app even if containers move or restart.
When you want to scale your app containers up or down based on demand without changing how users connect.
When you want to separate your app traffic from other services using a load balancer.
Config File - ecs-alb-task-def.json
{
  "family": "my-app-task",
  "networkMode": "awsvpc",
  "containerDefinitions": [
    {
      "name": "my-app-container",
      "image": "nginx:latest",
      "portMappings": [
        {
          "containerPort": 80,
          "protocol": "tcp"
        }
      ],
      "essential": true
    }
  ],
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512"
}

This JSON file defines the ECS task that runs your container. It sets the container image to nginx, exposes port 80, and uses Fargate with awsvpc networking for easy integration with the Application Load Balancer (ALB).

Commands
This command registers the task definition in ECS using the JSON file. It tells ECS how to run your container with the right settings.
Terminal
aws ecs register-task-definition --cli-input-json file://ecs-alb-task-def.json
Expected Output
{ "taskDefinition": { "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/my-app-task:1", "family": "my-app-task", "revision": 1, "status": "ACTIVE" } }
--cli-input-json - Specifies the JSON file with task definition details
This command creates an Application Load Balancer (ALB) in the specified subnets with the given security group to control access.
Terminal
aws elbv2 create-load-balancer --name my-app-alb --subnets subnet-abc12345 subnet-def67890 --security-groups sg-0123456789abcdef0
Expected Output
{ "LoadBalancers": [ { "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-app-alb/50dc6c495c0c9188", "DNSName": "my-app-alb-1234567890.us-east-1.elb.amazonaws.com", "State": {"Code": "provisioning"} } ] }
--name - Sets the name of the load balancer
--subnets - Specifies the subnets where the ALB will be available
--security-groups - Assigns security groups to control traffic
This command creates a target group that will hold the ECS tasks (containers) to receive traffic from the ALB on port 80. Because the tasks use awsvpc networking, each one registers by its IP address, so the target group must be created with the ip target type (the default, instance, cannot be attached to an awsvpc service).
Terminal
aws elbv2 create-target-group --name my-app-tg --protocol HTTP --port 80 --target-type ip --vpc-id vpc-0abc123def456ghij
Expected Output
{ "TargetGroups": [ { "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-app-tg/6d0ecf831eec9f09", "Protocol": "HTTP", "Port": 80, "VpcId": "vpc-0abc123def456ghij", "TargetType": "ip" } ] }
--name - Names the target group
--protocol - Sets the protocol for traffic
--port - Sets the port for traffic
--target-type - Registers targets by IP address, as awsvpc tasks require
--vpc-id - Specifies the VPC where the target group lives
This command creates a listener on the ALB that listens on port 80 and forwards incoming traffic to the target group of ECS tasks.
Terminal
aws elbv2 create-listener --load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-app-alb/50dc6c495c0c9188 --protocol HTTP --port 80 --default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-app-tg/6d0ecf831eec9f09
Expected Output
{ "Listeners": [ { "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/app/my-app-alb/50dc6c495c0c9188/9f1b2c3d4e5f6g7h", "Port": 80, "Protocol": "HTTP" } ] }
--load-balancer-arn - Specifies which ALB to attach the listener to
--protocol - Sets the protocol the listener uses
--port - Sets the port the listener listens on
--default-actions - Defines what the listener does with incoming traffic
This command creates an ECS service that runs two copies of your task on Fargate, connects them to the ALB target group, and places them in the specified subnets with public IPs.
Terminal
aws ecs create-service --cluster default --service-name my-app-service --task-definition my-app-task --desired-count 2 --launch-type FARGATE --network-configuration "awsvpcConfiguration={subnets=[subnet-abc12345,subnet-def67890],securityGroups=[sg-0123456789abcdef0],assignPublicIp=ENABLED}" --load-balancers "targetGroupArn=arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-app-tg/6d0ecf831eec9f09,containerName=my-app-container,containerPort=80"
Expected Output
{ "service": { "serviceName": "my-app-service", "clusterArn": "arn:aws:ecs:us-east-1:123456789012:cluster/default", "status": "ACTIVE", "desiredCount": 2 } }
--desired-count - Sets how many task copies to run
--network-configuration - Defines networking details for the tasks
--load-balancers - Connects the service to the ALB target group
Key Concept

If you remember nothing else from this pattern, remember: the ALB routes web traffic to your ECS containers through a target group, keeping your app reachable and balanced.

Common Mistakes
Not specifying the correct subnets or security groups when creating the ALB or ECS service
The ALB or ECS tasks won't be reachable or will have network errors if subnets or security groups are wrong.
Always use subnets in your VPC that allow internet traffic and security groups that permit HTTP traffic on port 80.
Forgetting to set the container port in the ECS task definition to match the ALB target group port
The ALB won't be able to forward traffic correctly if ports don't match, causing connection failures.
Ensure the container port in the task definition matches the port defined in the target group and listener.
Not assigning public IPs to ECS tasks when using public subnets
Tasks won't have internet access or be reachable from the ALB if they lack public IPs in public subnets.
Set assignPublicIp=ENABLED in the network configuration for tasks in public subnets.
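The wiring mistakes above can be checked before any resources are created. This added example (not part of the original page) audits a constructed description of the service for an undeclared container port, a non-ip target group, and tasks that are reachable directly from the internet because they have public IPs and share the ALB's world-open security group, as the create-service command above does. The dictionary layout, the finding codes, the port 80 ingress rule on the ALB group and sg-task0000example are assumptions made for the example.

```python
import json

# Constructed inputs mirroring the page's commands. The dict shapes are
# assumptions, trimmed to the fields the checks read; sg-task0000example is a
# placeholder for a second, task-only security group.
TASK_DEF = json.loads("""{"networkMode": "awsvpc", "containerDefinitions": [
  {"name": "my-app-container",
   "portMappings": [{"containerPort": 80, "protocol": "tcp"}]}]}""")
ALB_SG, TASK_SG = "sg-0123456789abcdef0", "sg-task0000example"
# Ingress rules per security group: (port, source CIDR or source group id).
SG_RULES = {ALB_SG: [(80, "0.0.0.0/0")], TASK_SG: [(80, ALB_SG)]}

# Tasks reuse the ALB's group; "instance" is the default when --target-type is omitted.
RISKY = {"targetType": "instance", "taskSecurityGroups": [ALB_SG],
         "assignPublicIp": "ENABLED",
         "containerName": "my-app-container", "containerPort": 80}
# Same service, but tasks only accept port 80 from the ALB's security group.
HARDENED = dict(RISKY, targetType="ip", taskSecurityGroups=[TASK_SG])


def audit(task_def, service, sg_rules):
    """Return finding codes for one service wiring (empty list = clean)."""
    findings = []
    declared = {(c["name"], p["containerPort"])
                for c in task_def["containerDefinitions"]
                for p in c.get("portMappings", [])}
    port = service["containerPort"]
    # ECS registers the named container/port pair, so it must be declared.
    if (service["containerName"], port) not in declared:
        findings.append("CONTAINER_PORT_NOT_DECLARED")
    # awsvpc tasks register by ENI IP address, which needs an ip-type target group.
    if task_def["networkMode"] == "awsvpc" and service["targetType"] != "ip":
        findings.append("TARGET_TYPE_NOT_IP")
    # A public IP plus a world-open rule lets clients reach the task without the ALB.
    world_open = any(p == port and src in ("0.0.0.0/0", "::/0")
                     for sg in service["taskSecurityGroups"]
                     for p, src in sg_rules.get(sg, []))
    if service["assignPublicIp"] == "ENABLED" and world_open:
        findings.append("TASK_REACHABLE_WITHOUT_ALB")
    return findings


if __name__ == "__main__":
    print("risky:   ", audit(TASK_DEF, RISKY, SG_RULES))
    print("hardened:", audit(TASK_DEF, HARDENED, SG_RULES))
```

In the hardened variant the tasks keep their public IPs for outbound access, but their security group accepts port 80 only from the ALB's group, so inbound traffic has to pass through the load balancer.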
Summary
Register an ECS task definition describing your container and port.
Create an Application Load Balancer in the right subnets with security groups.
Create a target group for the ALB to send traffic to your containers.
Create a listener on the ALB to forward HTTP traffic to the target group.
Create an ECS service that runs your tasks and connects them to the ALB target group.